Detailed Action

Claims 1-20 are pending in this application. 

Claim Objections
Claims 6, 7 are objected to because of the following informalities:
As per claims 6 and 7, each recites "the steps of."; there should be a colon instead of a
period after "of", to read "the steps of:".
Appropriate correction is required. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 3,4,6,7,13,16,17 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claims 3,4,6,7,16,17 recite the limitation of "MIB Views"; it is unclear what MIB
stands for.

Claim 13 recites the limitation, "find first" function; it is unclear what this function
does. The examiner could not find support for this limitation in the specification.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1,2,9,10,14,15,19,20 are rejected under 35 U.S.C. 103(a) as being
unpatentable over US Patent 6,785,728 issued to Schneider et al. (Schneider) in view of 
US Patent 6,055,575 issued to Paulsen et al.(Paulsen). 

As per claim 1, Schneider teaches a method of controlling access of network 
management requests directed to one or more network devices that participate in a 
virtual private network, the method comprising the computer-implemented steps of: 
receiving a request to carry out a management protocol operation(col.2, lines 6-24); 
identifying, among a plurality of managed objects, a subset of objects that requests 
associated with the virtual private network are permitted to access(col.5, line 61 -col. 6, 
line 16); and providing the request with access to only the subset of objects(col.6,lines 
30-36). 

Schneider does not, however, explicitly teach determining an identifier of a
virtual private network in the request.

Paulsen teaches determining an identifier of a virtual private network in the 
request(col.7, lines 31-39). 

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Schneider to explicitly add determining an 
identifier of a virtual private network in the request as taught by Paulsen in order to 
authenticate the identity of the remote client(Paulsen, col.7, lines 34-35). 

One skilled in the art at the time of the invention would have been motivated to
combine Schneider and Paulsen in order to provide a method for secure communication 
between a remote computer and a private computer network(Paulsen, col.1, lines 8-12). 

As per claim 2, a method as recited in claim 1, further comprising the steps of
providing, at one of the network devices, a mapping of a plurality of identifiers of virtual
private networks to corresponding views of subsets of managed objects(Paulsen, Fig.1-4,
Schneider, Fig.7-14). Motivation to combine set forth in claim 1.

As per claim 9, a method of controlling access of network management requests 
directed to one or more network devices that participate in a virtual private network, the 
method comprising the computer-implemented steps of: 

receiving a request to carry out a management protocol operation(Schneider, col.2,
lines 6-24), wherein the request contains a virtual private network identifier in a security
name value(Paulsen, col. 7, lines 31-39); extracting the security name value and
determining a protocol operation that is embodied in the request(Schneider, Fig.1,
Fig. 20); using a view-based access control model(Schneider, Fig. 12), matching the
security name value to a management information base view that corresponds to the
requested operation(Paulsen, col. 7, lines 31-45); processing the requested operation
only if access is allowed to managed objects in the management information base,
based on the matching management information base view(Schneider, col. 5, line 61-
col.6, line 16, Paulsen, col. 7, lines 31-45). Motivation to combine set forth in claim 1.

As per claim 10, a method as recited in Claim 9, further comprising the steps of
determining whether the request can be satisfied(Schneider, Abstract); extracting the
security name value from a context string in the request(Paulsen, col. 7, lines 32-45).
Motivation to combine set forth in claim 9.

Claims 14, 19, 20 are rejected based on the same rationale as claim 1(see 
above). Motivation to combine set forth in claim 1. 

Claim 15 is rejected based on the same rationale as claim 2(see above). 
Motivation to combine set forth in claim 2. 

Claims 3,16 are rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent 6,785,728 issued to Schneider et al. (Schneider) in view of US Patent 6,055,575 
issued to Paulsen et al.(Paulsen) in further view of RFC 2571, "An Architecture for
Describing SNMP Management Frameworks", written by D. Harrington. 

Schneider in view of Paulsen teaches all of the limitations of claim 1, however
does not explicitly teach as per claim 3, a method as recited in Claim 1, further
comprising the steps of providing, at one of the network devices, a mapping of a 
plurality of identifiers of virtual private networks to corresponding views of subsets of 
managed objects, in the form of one or more entries in a view-based access control 
model table that associate SNMPv3 securityName values to corresponding MIB Views. 

Harrington explicitly teaches a mapping of a plurality of identifiers of virtual 
private networks to corresponding views of subsets of managed objects, in the form of 
one or more entries in a view-based access control model table that associate SNMPv3
securityName values to corresponding MIB Views(pages 15-25).

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Schneider in view of Paulsen to explicitly add
a mapping of a plurality of identifiers of virtual private networks to corresponding views
of subsets of managed objects, in the form of one or more entries in a view-based
access control model table that associate SNMPv3 securityName values to
corresponding MIB Views as taught by Harrington in order to provide the framework for
SNMPv3(Harrington, page 14).

One skilled in the art at the time of the invention would have been motivated to 
combine Schneider and Paulsen and Harrington in order to provide a method for
improvement in the SNMP(Harrington, page 1).

Claim 16 is rejected based on the same rationale as claim 3(see above). 
Motivation to combine set forth in claim 3. 

Claims 4,8,11,17 are rejected under 35 U.S.C. 103(a) as being obvious over US 
Patent 6,785,728 issued to Schneider et al. (Schneider) in view of US Patent 6,055,575 
issued to Paulsen et al.(Paulsen) in further view of RFC 2575, "View-based Access 
Control Model for the Simple Network Management Protocol", written by B. Wijnen.

The applied reference has a common assignee with the instant application. 
Based upon the earlier effective U.S. filing date of the reference, it constitutes prior art 
only under 35 U.S.C. 102(e). This rejection under 35 U.S.C. 103(a) might be overcome
by: (1) a showing under 37 CFR 1.132 that any invention disclosed but not claimed in
the reference was derived from the inventor of this application and is thus not an
invention "by another"; (2) a showing of a date of invention for the claimed subject
matter of the application which corresponds to subject matter disclosed but not claimed
in the reference, prior to the effective U.S. filing date of the reference under 37 CFR
1.131; or (3) an oath or declaration under 37 CFR 1.130 stating that the application and
reference are currently owned by the same party and that the inventor named in the
application is the prior inventor under 35 U.S.C. 104, together with a terminal disclaimer
in accordance with 37 CFR 1.321(c). For applications filed on or after November 29,
1999, this rejection might also be overcome by showing that the subject matter of the
reference and the claimed invention were, at the time the invention was made, owned 
by the same person or subject to an obligation of assignment to the same person. See 
MPEP § 706.02(l)(1) and § 706.02(l)(2). 

Schneider in view of Paulsen teaches all the limitations of claim 1, however does
not explicitly teach as per claim 4, a method as recited in Claim 1, further comprising
the steps of providing, at one of the network devices, one or more entries in a 
view-based access control model table that associate SNMPv3 securityName values to 
corresponding MIB Views, wherein each of the securityName values is associated with 
a virtual private network, and wherein the corresponding MIB Views represent access 
control policies applicable to the associated virtual private networks. 

Wijnen teaches at one of the network devices, one or more entries in a
view-based access control model table that associate SNMPv3 securityName values to 
corresponding MIB Views, wherein each of the securityName values is associated with 
a virtual private network, and wherein the corresponding MIB Views represent access 
control policies applicable to the associated virtual private networks(pages 5-10). 

Therefore it would have been obvious to one of ordinary skill in the art at the time
of the invention to modify the method of Schneider in view of Paulsen to explicitly add
one of the network devices, one or more entries in a view-based access control model
table that associate SNMPv3 securityName values to corresponding MIB Views,
wherein each of the securityName values is associated with a virtual private network,
and wherein the corresponding MIB Views represent access control policies applicable
to the associated virtual private networks as taught by Wijnen in order to restrict
access of the rights of some groups to only a subset of the management
information(Wijnen, page 4).

One skilled in the art at the time of the invention would have been motivated to 
combine Schneider and Paulsen and Wijnen in order to provide a method for remotely 
managing the configuration parameters for the View-based Access Control Model. 

As per claim 8, a method as recited in Claim 1, further comprising the steps of: 
providing, at a network management station that is communicatively coupled to the 
network devices, a mapping of a plurality of virtual private network identifiers(Paulsen, 
Fig.2) to SNMPv3 securityNames(Wijnen, pages 3-10); providing, at the network 
management station, an executable process that associates a virtual private network 
identifier with each SNMP request that is issued by the network management station to
the network devices(Wijnen, pages 3-10). Motivation to combine set forth in claim 4. 

As per claim 11, a method as recited in Claim 10, wherein the matching step
further comprises the steps of determining whether the security name is in a view-based 
access control model table; rejecting and returning the request when the security name 
is not found in the view based access control model table(Wijnen, pages 3-10). 
Motivation to combine set forth in claim 4. 

Claim 17 is rejected based on the same rationale as claim 4(see above). 
Motivation to combine set forth in claim 4. 

Claims 5,12,18 are rejected under 35 U.S.C. 103(a) as being unpatentable over
US Patent 6,785,728 issued to Schneider et al. (Schneider) in view of US Patent 
6,055,575 issued to Paulsen et al. (Paulsen) in further view of US Patent 6,614,791 
issued to Luciani et al.(Luciani). 

Schneider in view of Paulsen teaches all the limitations of claim 1, however does
not explicitly teach as per claim 5, a method as recited in Claim 1, further comprising
the steps of providing, at one of the network devices, a mapping of a plurality of
identifiers of virtual private networks to corresponding views of subsets of managed
objects, and wherein the steps of identifying a subset of objects and providing the
request with access comprise the steps of: determining whether the identifier from the
request is in the mapping; when the identifier from the request is in the mapping:
identifying a management information base, variable referenced in the request; 
based on one or more views referenced in the mapping, determining whether a 
protocol operation of the request is allowed for the variable; dispatching information 
identifying the variable and the protocol operation to a code implementation of the 
protocol operation only when the protocol operation is allowed for the variable. 

Luciani teaches the steps of providing, at one of the network devices, a mapping 
of a plurality of identifiers of virtual private networks to corresponding views of subsets 
of managed objects, and wherein the steps of identifying a subset of objects and
providing the request with access comprise the steps of: determining whether the
identifier from the request is in the mapping(col.2, lines 45-67); when the identifier from
the request is in the mapping(col.2, lines 53-61): identifying a management information
base, variable referenced in the request(col.2, lines 53-61); based on one or more views
referenced in the mapping, determining whether a protocol operation of the request is
allowed for the variable(col.2, lines 32-40); dispatching information identifying the
variable and the protocol operation to a code implementation of the protocol operation 
only when the protocol operation is allowed for the variable(col.2, line 65-col.3, line 5). 

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the method of Schneider in view of Paulsen to add determining 
whether the identifier from the request is in the mapping; when the identifier from the 
request is in the mapping: identifying a management information base, variable 
referenced in the request; based on one or more views referenced in the mapping, 
determining whether a protocol operation of the request is allowed for the variable;
dispatching information identifying the variable and the protocol operation to a code 
implementation of the protocol operation only when the protocol operation is allowed for 
the variable as taught by Luciani in order to support different protocols in a 
communication network(Luciani, col.1, lines 21-25). 

One of ordinary skill in the art at the time of the invention would have been
motivated to combine Schneider, Paulsen, and Luciani to provide a method for a shared 
communication network by multiple consumers(Luciani, col. 2, lines 21-25). 

Claims 12, 18 are rejected based on the same rationale as claim 5(see above). 
Motivation to combine set forth in claim 5. 

Claims 6,7,13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent 6,785,728 issued to Schneider et al. (Schneider) in view of US Patent 
6,055,575 issued to Paulsen et al. (Paulsen) in further view of US Patent 6,664,978 
issued to Kekic et al.(Kekic). 

Schneider in view of Paulsen teaches all the limitations of claim 1, and further
teaches dispatching information identifying the variable and the protocol operation to a
code implementation of the protocol operation only when the protocol operation is
allowed for the variable(Paulsen, col.9, line 33-col.12, line 67), however does not
explicitly teach as per claim 6, a method as recited in claim 1, further comprising the
steps of providing, at one of the network devices, a mapping of a plurality of identifiers
of virtual private networks to corresponding views of subsets of managed objects, in the
form of one or more entries in a view-based access control model table that associate 
security name values to corresponding MIB Views, and wherein the steps of identifying 
a subset of objects and providing the request with access comprise the steps of: 
determining whether the identifier from the request is in the view-based access control 
model table; when the identifier from the request is in the view-based access control 
model table: identifying a management information base variable referenced in the 
request; based on one or more MIB Views referenced in the view-based access control 
model table, determining whether a protocol operation of the request is allowed for the 
variable. 

Kekic teaches determining whether the identifier from the request is in the
view-based access control model table(col.3, lines 20-22, col.4, lines 32-49); when the 
identifier from the request is in the view-based access control model table: identifying a 
management information base variable referenced in the request(col.4, lines 32-49); 
based on one or more MIB Views referenced in the view-based access control model 
table, determining whether a protocol operation of the request is allowed for the 
variable(col.4, lines 38-42).

Therefore it would have been obvious to one of ordinary skill in the art at the time of
the invention to modify the method of Schneider in view of Paulsen to add determining
whether the identifier from the request is in the view-based access control model table;
when the identifier from the request is in the view-based access control model table:
identifying a management information base variable referenced in the request; based on
one or more MIB Views referenced in the view-based access control model table,
determining whether a protocol operation of the request is allowed for the variable as 
taught by Kekic in order to manage heterogeneous computer network elements(Kekic, 
col. 1, lines 18-20). 

One of ordinary skill in the art at the time of the invention would be motivated to
combine Schneider, Paulsen, and Kekic to provide a method to manage different
devices in a network(Kekic, col.1, lines 42-50).

Claim 7 is rejected based on the same rationale as claim 6 (see above). 
Motivation to combine set forth in claim 6. 

As per claim 13, the method as recited in Claim 10, further comprising the steps
of determining whether the security name is in a view-based access control model table;
when the security name is found in the view-based access control model table: 
identifying a management information base variable referenced in the request(Kekic, 
col.4, lines 32-49); based on one or more views referenced in the view-based access 
control model table, determining whether the protocol operation is allowed for the 
variable(Kekic, col.4, lines 38-42); dispatching information identifying the variable and 
the protocol operation to a code implementation of the protocol operation only when the 
protocol operation is allowed for the variable(Paulsen, col. 9, line 33-col.12, line 67); 
using a "find first" function, determining whether a virtual private network identifier is 
referenced in the request(Kekic, col.4, lines 32-39), processing the request using 
managed information objects in a default view when no virtual private network identifier 
is referenced in the request(Kekic, Figs.3-9D), and processing the request using 
management information objects in a view corresponding to the virtual private network
identifier only when a virtual private network identifier is referenced in the
request(Kekic, col.4, lines 32-39). Motivation to combine set forth in claim 6.



The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Backhean Tiv whose telephone number is (571) 272-3941.
The examiner can normally be reached on 9 A.M.-12 P.M. and 1-6 P.M.
Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung can be reached on (571) 272-3939. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).